1. If I wanted to place an IDS on my network so that it could see the most amount of traffic, I would

		Place it right in front of the suspected compromised host.
		Place it on any port of a local switch.
		Find the closest place to the gateway of my network and use a network tapping device.
		2. IDSs are not used for this role.

In most cases, which of the following methods would you NOT want to use with an IDS

		SPAN port
		Network Tap
		Network Hub
		An unconfigured switch port

3. How are Cisco Access Control Lists usually processed?

		They are usually processed by the quantum compiler first, then the flux intensifier, and lastly the decoder.
		Access control list entries are processed at the same time.
		From the bottom up.
		From the top down.

4.All are true about Stateful Firewalls EXCEPT:

		Require that connections passing through are legitimate for their protocols.
		Have unlimited state tables to monitor connections.
		Can rebuild fragmented connections.
		Require more processing power than just packet filtering firewalls

5.Which one of these sessions would NOT be ideal for payload inspection?

		HTTP GET request
		Yahoo SMTP session
		Amazon SSL connection
		An HTTP web search

6.If you implement too many security controls, what portion of the CIA triad (Information Assurance Pyramid) may suffer?

Availability

Confidentiality

Integrity

All of the above

7.This simulates the actions of a hypothetical attacker to attempt to compromise hosts.

		Vulnerability assessment
		Penetration Test (PenTest)
		Risk Assessment
		All of the above.

8.How could a corporate user with an unauthorized Wireless USB CDMA adapter from Verizon create a backdoor into the network?

		CDMA broadcasts in plaintext.
		Since it is easy to do, an attacker is likely to hack the CDMA signal and intercept wireless packets.
		This would not create a backdoor since they are two separate networks.
		This would inadvertently create a network bridge that could allow access to content behind the business's security controls

9.Hardening a Router consists of all of the following EXCEPT:

		Changing default passwords
		Disable unused services
		Turn on logging to syslog server if possible
		Enable SSH and TELNET

10.What is the Gold Disk?

		Something The Beatles have too many of.
		A desktop deployment standard with all of the same programs, services, and baseline features installed for continuity.
		A set of server backups placed on a high capacity optical disk
		A compilation of patches, fixes, and security controls that can be run on the host machine in order to advert network traffic congestion

11.Host-Based monitoring will alert on all of the following except:

		Changes to the system registry
		Kernel changes
		Zero-day browser exploits
		falied login attempts

12.Access control includes all of the following execpt:

		Authentication of users
		Authorization of user's privileges
		Auditing to monitor and record user actions
		Creation of a user's files

13.The payload, in relation to viruses and worms, is the:

		part of the malware that is used to hide itself from antivirus and intrusion detection systems.
		legitimate program that the malware hijacks
		data in a ICMP packet
		malicious code that is executed on a compromised host

14.A poorly written signature that fails to generate an alert would be considered a:

		False Positive
		False Negative
		Positive Negative
		Negative Positive

15.The open source IDS/IPS tool that is most widely used is:

		Wireshark
		Kali Linux
		Netminer
		Snort